BYOD: Dessert or Disaster?

by Brian Katz on March 13, 2013 · 4 comments

It’s telling that Bring Your Own Device is shortened into the acronym BYOD. It’s just another 4 letter word that depending on the context you use it in, is either your company’s downfall or its savior. For some, it’s just another way to save money on the bottom line. Most people know by now though, that if your intention is to save money, you’re barking up the wrong tree. Then there are those that know that providing their users with the right devices can aid in productivity. It’s not really a stretch to think this, as they are tons of news stories and surveys out there showing that people are spending more time working and are producing more. Of course, you have the other side that looks at BYOD as Bring Your Own Disaster, just another security problem where all your corporate data just sits there waiting to be misappropriated while your users goof off playing angry birds.

The truth is, it’s already too late to start worrying about your data being exposed. People have been taking corporate data and putting it on their own devices for years. The only difference now is that it has become much easier with new tools such as  Dropbox, SugarSync and the like to get your company’s data from your internal data stores to your users’ devices.

You are now stuck with a choice. We can mandate security and lock down endpoints. This is what most companies end up doing. They control the endpoint as a way of securing the data. It’s not a bad option; it’s good to secure the data on the endpoint and it makes it easier to do something when those devices are compromised. It just tends to ignore the one thing it shouldn’t…your users.

Once you look past people trying to steal your data from a corporate espionage point of view, you begin to realize that many data exposures are due to your user’s habits. The one thing we spend the least amount of time on is our users. We discuss BYOD and how to secure the device, what apps users should use on those devices and what policies need to be in place. We spend the very little of our time focusing on the users themselves.

This has to change because, in the end, your users are what you sink or swim with. You need to bring them into the loop and work with them, not dictate to them. There are two pieces to this strategy. First, you need to focus on educating your users. What are the things they should be doing? What shouldn’t they be doing? (This should be part of your policies as well) What sorts of situations might they get in that would be dangerous either for them or for the company in concern with the data. Remember, if it’s their own device, it’s not just corporate data that lives on it but their private data as well. They’re not trying to be unsafe with the data; they’re just trying to get things done the best way they can. Teach them how to do just that and at the same time build good habits tat keep everyone’s data secure.

This leads to the second part of your strategy. You have to Focus on the User’s Needs, what I call the FUN principal. There’s a reason your users have moved corporate data to their device. Figure out what they are doing with the data and why they need it. Look at what apps they use with the data. Chances are, your users found the best apps to enable themselves to get their work done. They just want to be able do their job as quickly as possible so they can spend time with their families, concentrating on their personal lives. Use the work they have already put in and build upon it. If they are using Dropbox to move their data around, figure out if you can find a way to allow them to do that securely. If you can’t, work with them to find an alternative that is just as frictionless for them but that you can secure. If they are using Evernote to take notes, maybe the business has to buy a subscription to the pro version and have their users encrypt the data. Concentrate on what your users have already figured out and use that knowledge to enable them securely while keeping the experience as frictionless as possible.

The goal here is use mobile to enable your users to be more flexible and agile, which allows them to be more productive and efficient. You do this through education and FUN that hopefully leads your users to a frictionless experience. The BYOD genie may already be out of the lamp, but you get to decide (apologies to singer Keri Hilson and rapper Kanye West) whether it’s dessert or disaster.

{ 4 comments… read them below or add one }

Walter Paley March 13, 2013 at 3:04 pm

“your users are what you sink or swim with.”

Love it, and it doesn’t get said enough. You’re right that once you eliminate fears of malicious internal abuse of proprietary data, you have to treat your users as your biggest asset. They are the ones that will either use or ignore the tools that you spent so much time to develop and deploy… wasting your time if you don’t include users in the process!

Reply

Bob_Egan March 13, 2013 at 4:57 pm

You’re spot on Brian. The problem I see in many end user organizations is they remain stuck in the legacy of what was conventional IT thinking. In these environments IT acts as both a command/control and enablement center against a faceless set of LOB feature requirements. Of the IT investments were couched by the questions;
– what do we need to do?
– what tools do we need to accomplish this?
– how do we manage and audit what we need to do?

Modern IT now adds the questions: who needs to use this stuff, how do they want to use it? Of course this is new or even unique to mobile. But, I do think that mobile is amplying or at least raising a more serious awareness within many companies.

Reply

Ernie Huber March 18, 2013 at 11:18 pm

Great post Brian
I couldn’t agree more with the goal you wrote…..”use mobile to enable your users to be more flexible and agile, which allows them to be more productive and efficient. ” That should be the mantra of every mobility team.

I love this line, “Concentrate on what your users have already figured out and use that knowledge to enable them securely while keeping the experience as frictionless as possible.” This is exactly what we have been doing. Mobility, and especially apps, are evolving so fast you can’t possibly keep up with just a small team of mobility experts.

I say, embrace the creativity of your workforce to become more productive and then work WITH them to come up with a solution that meets their needs but the company can get comfortable with.

Reply

Reality Check March 29, 2013 at 3:04 pm

“Once you look past people trying to steal your data from a corporate
espionage point of view, you begin to realize that many data exposures
are due to your user’s habits.”

Great point! For the most part, your employees aren’t actively trying to steal data. But how they use their devices could inadvertently be exposing your data to the world at large. BYOD is great but you have train your employees to re-think how they go about their mobile lives.

Reply

Leave a Comment

Previous post:

Next post: